BYO iPads and iPhones invading your office? Here are the hidden costs
Rob Bamforth, Principal Analyst
BYO iPads and iPhones invading your office? Here are the hidden costshttp://www.quocirca.com © 2011 Quocirca Ltd
In all the talk about the consumerisation of IT, it's theencroachment of consumer mobile devices - inparticular smartphones and tablets - that appears tobe causing most passion.The pro argument generally consists of the followingstrands: employees are already used to better toolsin their personal life, we have to do this to recruit ayounger workforce, our brand will suffer if we're notseen as leading edge, and it's cheaper.Whatever the reality or merits of the first three, thelast point about cheapness deserves closer investigation along with the impact on organisationalsecurity.The problem is that allowing employees to pick,choose, buy and bring their own mobile tools into theworkplace seems like simply outsourcing a particular procurement issue to someone who cares morepassionately about it. However, it brings a lot morebaggage than the neat little black or white cardboardbox the hardware arrives in.There are three significant aspects to mobileconsumerisation - device, contract and content.Device is the part that most focus on, and why not?It's the shiny gadget that has become cool anddesirable. It taps into people's feelings about self-esteem and status as well as any social needs for connection or geeky desire for the latest toy.These devices are expensive so, on the face of it,encouraging employees to BYOD - bring/buy your own device - saves money.But there are bigger costs and risks at stakeelsewhere for the organisation. Mobile devicestypically need network contracts, unless relying onpay-as-you-go or free wi-fi for connection.All-embracing corporate contracts come with manyfinancial economies of scale that a chaotic collectionof independent employee ones will lack. Quocircahas explored this challenging issue more fully in itsrecent free-to-download report “Carrying the can”.The third area, content, is equally complex. Whoever owns and pays for a mobile device - employee or employer - its use is likely to straddle personal andbusiness activities. In addition to communicationstools and access for business applications, there willalways be a mass of consumer content.For smartphones and tablets, content includes bothsoftware and data. The line is often blurred, anddespite many technical and religious discussions, theunderlying issues of enterprise control of costs andrisks apply either way.The convergence of work and personal content onone device, no matter who purchased the hardwareor pays for the connection, raises the issues of content security, suitability and diligence.For most organisations, mobile security is a major concern, and rightly so, as it is not only maliciousacts such as theft and hacking or the careless loss of a device that might lead to breaches of security.Simply cutting corners for the sake of expediency willnot do.Two doctors were recently overheard on the traindiscussing how their operation lists were beingdownloaded to their iPhones. They found
it useful butwondered if it might not be good practice, althoughthey presumed there was insufficient detail to identifypatients.Whether this procedure was instigated by the userstrying to make their lives simpler or someone in ITwanting to appear useful, is irrelevant. Mobilesecurity needs to be seen to be taken seriously aswell as actually being addressed through suitable on-device software, content access practices andservices from providers.All too often it appears there has been only a limitedmobile security risk assessment or insufficient user training. These aspects may lack the intellectualpizzazz of security software, VPNs and all thingsprefixed 'cyber', but the social or human elements arecritical for addressing the weakest link - the user.